CVE-2022-41963
- Source
- https://cve.org/CVERecord?id=CVE-2022-41963
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41963.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-41963
- Aliases
-
- GHSA-v6p9-926c-6qfp
- Published
- 2022-12-16T13:00:42.459Z
- Modified
- 2026-04-10T04:51:39.479516Z
- Severity
-
- 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- BigBlueButton contains Improper Preservation of Permissions for whiteboard
- Details
-
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 an version 2.5-alpha-1
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41963.json", "cwe_ids": [ "CWE-281" ], "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/bigbluebutton/bigbluebutton
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bigbluebutton/bigbluebutton
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.2-beta-10
2.2-beta-11
2.2-beta-12
2.2-beta-14
2.2-beta-15
2.2-beta-16
2.2-beta-17
2.2-beta-18
2.2-beta-19
2.2-beta-2
2.2-beta-20
2.2-beta-21
2.2-beta-22
2.2-beta-23
2.2-beta-3
2.2-beta-4
2.2-beta-5
2.2-beta-6
2.2-beta-7
2.2-beta-8
2.2-beta-9
2.2-rc-1
2.2-rc-2
2.2-rc-3
2.4-rc-2
Other
dcs-2-a
v0.*
v0.8
v0.8b4
v0.8b4.0
v0.8rc2
v0.9.0-beta
v2.*
v2.3-alpha-1
v2.3-alpha-2
v2.3-alpha-3
v2.3-alpha-4
v2.3-alpha-5
v2.3-alpha-6
v2.3-alpha-7
v2.3-alpha-8
v2.3-beta-1
v2.3-beta-2
v2.3-beta-3
v2.3-beta-4
v2.3-beta-5
v2.3-rc-1
v2.3-rc-2
v2.3.0
v2.3.1
v2.4-alpha-1
v2.4-beta-1
v2.4-beta-2
v2.4-beta-3
v2.4-beta-4
v2.4-rc-1
v2.4-rc-3
v2.4-rc-4
v2.4-rc-5
v2.4-rc-6
v2.4-rc-7
v2.4.0
v2.4.1
v2.4.2